Managing user permissions

This section explains how to edit user permissions, add and remove users or groups, disable or enable inheritance, restore inherited permissions if they were overridden, and view effective permissions for a user.

By default, inheritance is enabled for all objects (users and groups). This means that permissions are automatically carried over from the parent object. You can turn inheritance on or off for all objects at the current level.

Effective permissions are the permissions that are in effect for a user at any particular level.

For more information on the underlying concepts, see Granular access control and Inheritance and overrides.

Click the User Permissions icon in the top right corner.
In the Enterprise Manager User Permissions window, select one of the following tabs:
- Enterprise Manager to specify Enterprise Manager-wide user permissions.
  
  Information note
  Note Changes to Enterprise Manager permissions will affect all levels that inherit those permissions.
- Analytics to specify Analytics permissions.
- Notifications to specify notification permissions.
- All Servers to specify permissions for all monitored servers.

In Servers view, select the desired server and then select Permissions from the Server Management toolbar drop-down menu.
In the User Permissions for server: '{server name}' window, select one of the following tabs:
- Server to specify server-wide user permissions.
- All Tasks to specify permissions for all tasks on this server.
- All Endpoints to specify permissions for all endpoints on this server.

In the tab for a specific task, click the task permissions icon in the task toolbar.

The User Permissions for task: {task name} window opens.

In the User Permissions window, click Disable Inheritance.

Information note
This option disconnects the entire authorization level from the parent level.
In the Disable Inheritance dialog box, select whether you want to:
- Convert inherited permissions on this object into explicit permissions: This option changes inherited permissions to explicit permissions. Any new users or groups will not inherit permissions from the parent.
- Remove all inherited permissions from this object: This option removes all existing permissions inherited from the parent level. Any new users or groups will not inherit permissions from the parent.
Click Disable.

If you chose to convert inherited permissions, the check mark in the Inherited column changes into an X. If you chose to remove inherited, all users and groups disappear from the list.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

In the User Permissions window, click Enable Inheritance.

Information note
This option enables inheritance for all users and groups on this level.
In the Enable Inheritance dialog box, select whether you want to:
- Inherit all permissions from parent and override any definition manually made at this level: This option reinstates inherited permissions for all users and groups that are already defined, and new users and groups will inherit their permissions from the parent level.
- Inherit all permissions from parent but keep definitions manually made at this level: This option preserves the permissions already defined for the existing users and groups and adds all permissions from the parent level. New users and groups will inherit permissions from the parent level.
Click Enable.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

In the User Permissions window, adjust the permission slider for a user or group as desired.

Information note
Adjusting the slider stops inheritance from the parent object.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

In the User Permissions window, click Add.
In the Add User/Group dialog box, select User or Group.
Enter the name for the new user or group in the following format:
- NetBIOS_name\user (for example: qa\qa)
- machine_name/local_user (for example: re2008r2js1\JohnMil1)
- username - This format is supported with SAML authentication only. The user/group name can contain any Unicode character up to 255 characters and must be a valid Identity Provider user (Okta or Microsoft Azure).
Click OK to add the group and close the dialog box.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

In the User Permissions window, select the user or group you want to remove.
Click Remove.
When prompted, click Yes to confirm.
Click Save or OK to accept the changes, or Discard Changes or Cancel to undo them.

In the User Permissions window, select the user or group.
Click Restore Inheritance .

The check mark returns to the Inherited column to indicate that permissions for this user or group are inherited from the parent.

In the User Permissions window, do one of the following:
- Select a user in the list on the left.
- If a user does not appear in the list but exists in the system and is part of a group, enter the user name in the text field in the Effective Permissions pane on the right.
  
  Make sure to use the following format:
  - NetBIOS_name\user (for example: qa\qa)
  - machine_name/local_user (for example: re2008r2js1\JohnMil1)
Click Get Effective Permissions.

The effective permissions for the user you entered appear below the button.

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!

Leave your feedback here